CVE-2018-25038

LOW

Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via PppUserName Parameter

Title source: llm
STIX 2.1

Description

A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://alquimistadesistemas.com/auditando-router-thomson-tcw710
Permissions Required, Third Party Advisory x_refsource_misc
https://vuldb.com/?id.126699

Scores

CVSS v3 3.5
EPSS 0.0054
EPSS Percentile 41.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-80 CWE-79
Status published
Products (1)
technicolor/thomson_tcw710_firmware st5d.10.05
Published Jun 12, 2022
Tracked Since Feb 18, 2026